Not even a month into the new year and cybersecurity issues have hit many notable organisations.
APAC organisations suffered seven or more attacks infiltrating their networks or systems over the past year, and the majority (81 per cent) suffered one or more attacks. Over two thirds (76 per cent) of surveyed organisations in APAC expect that such attacks are “somewhat” to “very” likely to be successful in the coming 12 months.
In February 2021, the Australian Cyber Security Centre reported it received 166 cyber security incident reports relating to the health sector. This is an increase from the 90 reported incidents affecting the health sector during the 2019 calendar year and likely a result of increased targeting of the health sector due to COVID-19. Incidents reported by the health sector are primarily from health care providers, as well as customers falling victim to health-related scams or data breaches.
Also in February this year, Singapore telecommunications giant, Singtel reported its third-party vendor Accellion that it has suffered a cyber-attack. According to Singtel, Accellion’s file sharing system called FTA has been illegally attacked by unidentified hackers. This is a standalone system that we use to share information internally as well as with external stakeholders.
In March 2021, non-profit organisation discloses database was “unlawfully” accessed. Australian independent not-for-profit Oxfam Australia has found supporters’ information on one of its databases was “unlawfully accessed” by an external party on 20 January 2021, following an independent IT forensic investigation.
Malaysia Airlines, this month also tweeted “the data security incident occurred at our third-party IT service provider and not Malaysia Airlines’ computer systems”.
“However, the airline is monitoring any suspicious activity concerning its members’ accounts and in constant contact with the affected IT service provider to secure Enrich members’ data and investigate the incident’s scope and causes,” stated Malaysia Airlines.
During the same time media reports state that about 580,000 Singapore Airlines SIA customers have been affected by a data leak external firm Sita, a multinational information technology company providing IT and telecommunication services to the air transport industry
SIA said in a statement that members of its KrisFlyer and PPS Club reward programs have had their membership numbers, tier status and, in some cases, membership names compromised.
Sita issued a statement Sita confirming that it was the victim of a cyber-attack, leading to a data security incident involving certain passenger data that was stored on Sita Passenger Service System, which operates passenger processing systems for airlines.
Ramping up cybersecurity
With all these types of incidents occurring more frequently, companies in countries like Australia and New Zealand have increased their security spending an additional 10-20 per cent on last year’s originally budgeted IT spending plans.
Despite organisations cutting spending in many areas during 2020 due to the impact of COVID-19, security remains a consistent area of increased investment in both countries. These findings come according to IDC’s recently released Australia and New Zealand security report, which examines the pandemic’s impact on the security needs and investments of A/NZ businesses.
Robust cybersecurity investments are vital to business recovery from the effects of COVID-19 because security is what fully enables the ‘next normal’ in the Future of Work, said Emily Lynch associate market analyst for A/NZ IT Services.
“The shift to new models of working drives a crucial need to invest in security measures to enable these remote and hybrid working environments,” she said.
IDC research found that 98 per cent of A/NZ organisations rated workplace security as an important capability in enabling business/operational continuity through the pandemic.
“Many of these businesses intend to invest further in their cybersecurity over the next 1-2 years, with remote access needs and accelerating secure innovation the main drivers of this growth,” noted Lynch.
Looking to 2021 and beyond, top security priorities in A/NZ revolve around data and information security in an increasingly complex environment. A/NZ organisations have been forced to rethink how to keep sensitive customer and company data secure – data that needs to be accessed anytime, anywhere, including from less secure home networks. Securing new devices and residential networks is a major security challenge for A/NZ organisations, said Lynch.
“The increased complexity of IT environments because of the pandemic is a turning point for organisations’ data security strategies,” she noted. “Many organisations lack a long-term security investment road map that is recalibrated after the upheaval of 2020. Resolving poorly configured solutions and rushed deployments will be a near-term focus point as businesses look to re-set strategy for the coming year.”
Enterprise information security and risk management end user spending in India is on pace to total US$2.08 billion in 2021, an increase of 9.5 per cent from 2020, according to the latest forecast from Gartner, Inc.
“The overnight move to remote-working in reaction to the pandemic exposed organizations’ vulnerabilities” said Prateek Bhajanka, senior principal research analyst at Gartner. “While security leaders had to cut-down on their security spending in 2020 because of IT budget-cuts, in 2021, this trend is reversing. A secure digital environment is now foundational to organizations’ growth and in preparation to another crisis that may arise. Security leaders are ready to reinvest in cybersecurity with a renewed and refreshed rigor.”
Gartner analysts shared how security and risk management leaders (CISOs) can advance their IT cybersecurity and risk strategy at the Gartner Security & Risk Management Summit India taking place virtually through Thursday.
In 2021, organisations are expected to increase their spending across all segments of security and risk management. Continuing the trend from last year, cloud security and integrated risk management will experience the highest growth in 2021, up 251 per cent and 27.8 per cent, respectively.
CISO focus across APAC
CISOs and security leaders are aware of the risks and vulnerabilities that their organizations can be exposed to while migrating to cloud from legacy systems. To manage these risks, organizations are increasing their spending on cloud security tools, driving the market up 251.1 per cent in 2021. Cloud access security brokers (CASB) and cloud workload protection platform (CWPP) will be some of the major technologies that CISOs in India will increase their spending on within the cloud security segment in 2021.
In addition, Indian CISOs and security leaders will focus on establishing and deploying threat detection and response programs and capabilities, such as endpoint detection and response (EDR),and move to cloud delivered security capabilities to have consistent security coverage whether working from office, home or off-site.
According to Gartner Security and risk management leaders are experiencing widespread disruption in identity and access management (IAM) solutions for many reasons, most notably because of the increased drive to customer-facing interactions on digital channels and the sudden and rapid expansion of the remote workforce because of the pandemic.
The old security model of “inside means trusted” and “outside means untrusted” has been broken for a long time. Most digital assets and devices are outside the enterprise, as are most identities.
By 2025, cybersecurity mesh will support more than half of all IAM requests, enabling a more explicit, mobile and adaptive unified access management model. The mesh model of cybersecurity provides a more integrated, scalable, flexible and reliable approach to digital asset access control than traditional security perimeter controls.